diff --git a/kernel/events/core.c b/kernel/events/core.c
index e0c193083aa0568bba58b6ee6198225dc8257d3b..7b185e630e08cadaae3b5045f3e3b1a6a4a57950 100644
--- a/kernel/events/core.c
+++ b/kernel/events/core.c
@@ -6477,6 +6477,10 @@ perf_sample_ustack_size(u16 stack_size, u16 header_size,
 	if (!regs)
 		return 0;
 
+	/* No mm, no stack, no dump. */
+	if (!current->mm)
+		return 0;
+
 	/*
 	 * Check if we fit in with the requested stack size into the:
 	 * - TASK_SIZE
@@ -7065,6 +7069,9 @@ perf_callchain(struct perf_event *event, struct pt_regs *regs)
 	const u32 max_stack = event->attr.sample_max_stack;
 	struct perf_callchain_entry *callchain;
 
+	if (!current->mm)
+		user = false;
+
 	if (!kernel && !user)
 		return &__empty_callchain;
 
diff --git a/kernel/exit.c b/kernel/exit.c
index 26a81ea631567eba6adea87713a4c262e8a63918..63d2a54a5d97c603406eb5f25237135b4bfe95aa 100644
--- a/kernel/exit.c
+++ b/kernel/exit.c
@@ -802,6 +802,14 @@ void __noreturn do_exit(long code)
 	 */
 	if (group_dead)
 		sp_group_exit();
+	/*
+	 * Since sampling can touch ->mm, make sure to stop everything before we
+	 * tear it down.
+	 *
+	 * Also flushes inherited counters to the parent - before the parent
+	 * gets woken up by child-exit notifications.
+	 */
+	perf_event_exit_task(tsk);
 
 	exit_mm();
 
@@ -819,14 +827,6 @@ void __noreturn do_exit(long code)
 	exit_task_work(tsk);
 	exit_thread(tsk);
 
-	/*
-	 * Flush inherited counters to the parent - before the parent
-	 * gets woken up by child-exit notifications.
-	 *
-	 * because of cgroup mode, must be called before cgroup_exit()
-	 */
-	perf_event_exit_task(tsk);
-
 	sched_autogroup_exit_task(tsk);
 	cgroup_exit(tsk);